I'd like to expose a simple TCP server written in Python to the internet. To authenticate clients, I'd like to rely on both client and server certificates. Does socketserver.TCPServer support this mode by default? If not, can you suggest how to extend the server to implement mutual authentication?

Willi Ballenthin

1 Answer

The default library doesn't handle secure sockets (SSL/TLS). Assuming you want to use that specific library no matter what, here's another discussion that shows a way to do it using the OpenSSL libraries.

If you want to write a server application, you might want to use Twisted, an event-oriented framework for writing network applications in Python. Here's the relevant documentation on how to enable SSL for a TCP server.

GomoX
  • Thank you for the pointers. I've seen the SSL `wrap` approach before to enable SSL on `TCPServer`. But this doesn't enable mutual authentication, just server authentication. Do you happen to know about mutual authentication specifically? – Willi Ballenthin Jan 10 '14 at 22:57
  • There is a cert_reqs parameter in the wrap_socket call that governs whether a certificate is optional or required from the other end: http://docs.python.org/2/library/ssl.html#ssl.wrap_socket – GomoX Jan 11 '14 at 00:34
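
The following is an added example, not code from the question, the answer or the comments: a `socketserver` TCP server that requires a client certificate, written for Python 3, where the `cert_reqs` setting mentioned above is expressed as `SSLContext.verify_mode = ssl.CERT_REQUIRED`. The class and function names, the certificate file paths, the port and the `allowed_names` allow-list are assumptions made for illustration.

```python
import socketserver
import ssl

def make_mtls_context(certfile, keyfile, client_ca_file):
    """Server-side context that refuses clients without a cert issued by client_ca_file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)  # server identity
    ctx.load_verify_locations(cafile=client_ca_file)         # CA that issues client certs
    ctx.verify_mode = ssl.CERT_REQUIRED                      # the mutual-authentication switch
    return ctx

def peer_common_name(peercert):
    """Return the subject commonName from an SSLSocket.getpeercert() dict, or None."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

class MutualTLSServer(socketserver.ThreadingTCPServer):
    def __init__(self, address, handler, ssl_context, allowed_names):
        self.ssl_context = ssl_context
        self.allowed_names = frozenset(allowed_names)  # authorisation list (assumed policy)
        super().__init__(address, handler)

    def get_request(self):
        sock, addr = super().get_request()
        # Defer the handshake to the handler thread so a slow peer cannot stall accept().
        tls = self.ssl_context.wrap_socket(sock, server_side=True,
                                           do_handshake_on_connect=False)
        return tls, addr

class MutualTLSHandler(socketserver.StreamRequestHandler):
    def setup(self):
        self.request.settimeout(10)
        self.request.do_handshake()  # raises ssl.SSLError if the client cert is missing or untrusted
        self.client_name = peer_common_name(self.request.getpeercert())
        if self.client_name not in self.server.allowed_names:
            raise PermissionError("certificate subject not authorised: %r" % self.client_name)
        super().setup()

    def handle(self):
        self.wfile.write(("hello %s\n" % self.client_name).encode())

if __name__ == "__main__":
    ctx = make_mtls_context("server.crt", "server.key", "client-ca.crt")  # placeholder paths
    with MutualTLSServer(("0.0.0.0", 8443), MutualTLSHandler, ctx, {"client1"}) as srv:
        srv.serve_forever()
```

Trusting only a dedicated client CA, rather than the system trust store, keeps any publicly issued certificate from passing the handshake; the subject check then decides which of the CA's clients are allowed.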